Hi to all! It's my first time posting under the networking category since I'm really on the programming side, so please bear with my ignorance. I've just been tasked to create a network with very little understanding of it, so here goes:

I need to set up a small office network that does this:

- everything is managed by a server: the user accounts, the access restrictions, the internet access, file sharing and storage (1 server computer only)

- user accounts are on the server (no local accounts except the "hidden admin" in Windows) and there are initially 3 accounts: one for the Boss account, one for the employee account, and another for the visitor account

Think of this part as a mini cloud network: nothing on the stations, all on the server. But we can still use the station storage, and the software is still on the stations.

- manage net access at certain times for the stations (block Facebook except after work hours and on breaks)

- totally block certain websites on the wifi end of the router (fear of bandwidth hogging if someone streams over the connection), but the wifi should be bright as day (full access) when the boss uses his laptop and goes on wifi using the default Windows settings (no fiddling with his laptop)

The equipment we're given is:
- 3 switches
- 1 router with 1 LAN port only but with wifi; it has a firewall and blockers
- 1 server PC (Server 2003 Enterprise)
- several workstations (mixed WinXP, Win7, Ubuntu, you name it) on static IPs
- net access

Currently we have this layout:
net -> router -> switches -> stations
which, if diagrammed, should look like a tree: the net coming from the leaves and down the trunk to a router, then spread throughout the office using switches towards the stations like roots. The server is in line with the stations (one of those root tips).

What we did:
- URL blocker using the router
- set up a domain for the office for the network drives
- DNS of the stations pointing to the server PC
- gateway pointing to the router

We have tested it on the stations and it worked fine: blocked Facebook and YouTube at the set times using the router, file sharing using networked drives, user groups, until the bosses tried to use Facebook via wifi. Since the blocker is based on the router and it's still work time, Facebook is blocked. But they wanted access, so we unblocked Facebook, but in this case Facebook is unblocked on the whole network.

Also, DNS seems to be slow using our server when accessing the net. We plan to switch to the default DNS setting, but I read that DNS is needed for Active Directory, so it has to point to our server.

So the questions are:
- Is there any way to keep it pointing to our server for Active Directory but, when we access the net, use another DNS server?

- Can we block sites using the server?

- Can we manage users, including the ones on the wifi?

- Is there a way to uniquely identify a laptop over wifi? (the boss over wifi scenario)

- The router can block IP ranges; static IPs on the stations are fine, but what about the dynamic ones like the ones on the wifi? What if they try to use the IP of a station to bypass the wifi blocker? I have already seen an IP conflict between the static IP on a station via LAN and the auto-configured IP on an Ubuntu laptop over the wifi.

- If a layout revision is needed, how do I go about it?

- Some colleagues said that the server should be in line with the stations rather than being between the stations and the router, for security. True?

If further questions need to be asked about this, feel free to do so. Please, no flaming, I'm not really a network type of guy. As much as possible, nothing else new, no new software or hardware (making do with what's there), but I'm open to suggestions, especially free software.
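As an added illustration for the first question in the post above (this is an editor's example, not part of the original post or a reply from the thread): on Windows Server 2003, the AD-integrated DNS server can keep answering the domain's own queries itself and forward everything else to an outside resolver, so the stations keep pointing only at the server and the slow part (walking the internet root hints for every outside name) goes away. The forwarder address 203.0.113.53 and the domain name office.local are placeholders; substitute the ISP's or a public resolver and the real AD domain.

```batch
@echo off
rem Added example, not from the original post. Run on the Server 2003 machine that hosts AD DNS.
rem 203.0.113.53 is a placeholder address; replace it with the ISP's or a public resolver.

rem Send every query the server is not authoritative for to the external resolver,
rem waiting up to 3 seconds per forwarder before falling back to the root hints.
dnscmd /ResetForwarders 203.0.113.53 /Timeout 3

rem Print the server configuration; the "Forwarders" section should now list 203.0.113.53.
dnscmd /Info

rem Check from the server itself (the stations keep using the server as their only DNS):
rem the AD domain still resolves locally, and an internet name now resolves via the forwarder.
rem office.local is a placeholder for the real AD domain name.
nslookup office.local 127.0.0.1
nslookup www.example.com 127.0.0.1
```

The same settings live in the DNS console under the server's Properties, Forwarders tab. Keep the stations' DNS setting on the server only: if a station lists the router or ISP resolver as an alternate DNS server, domain logon and share lookups start failing intermittently whenever that alternate answers first, because it knows nothing about the AD zone.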